🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 13:19
This commit is contained in:
Hamza-Ayed
@@ -53,4 +53,79 @@ final class AuthController
|
||||
'data' => $request->user
|
||||
]);
|
||||
}
|
||||
|
||||
public function logout(Request $request): void
|
||||
{
|
||||
// Clear refresh token cookie
|
||||
setcookie('refresh_token', '', [
|
||||
'expires' => time() - 3600,
|
||||
'path' => '/api/v1/auth/refresh',
|
||||
'httponly' => true,
|
||||
'samesite' => 'Strict',
|
||||
'secure' => true
|
||||
]);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'message' => 'تم تسجيل الخروج بنجاح'
|
||||
]);
|
||||
}
|
||||
|
||||
public function refresh(Request $request): void
|
||||
{
|
||||
$refreshToken = $_COOKIE['refresh_token'] ?? null;
|
||||
|
||||
if (!$refreshToken) {
|
||||
Response::error('رمز التجديد مفقود', 'UNAUTHORIZED', 401);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$result = $this->authService->refresh($refreshToken);
|
||||
|
||||
// Set new refresh token in HttpOnly cookie
|
||||
setcookie('refresh_token', $result['refresh_token'], [
|
||||
'expires' => time() + (60 * 60 * 24 * 7),
|
||||
'path' => '/api/v1/auth/refresh',
|
||||
'httponly' => true,
|
||||
'samesite' => 'Strict',
|
||||
'secure' => true
|
||||
]);
|
||||
|
||||
unset($result['refresh_token']);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $result,
|
||||
'message' => 'تم تجديد الجلسة بنجاح'
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'REFRESH_FAILED', 401);
|
||||
}
|
||||
}
|
||||
public function register(Request $request): void
|
||||
{
|
||||
try {
|
||||
$result = $this->authService->register($request->getBody());
|
||||
|
||||
// Set refresh token in HttpOnly cookie
|
||||
setcookie('refresh_token', $result['refresh_token'], [
|
||||
'expires' => time() + (60 * 60 * 24 * 7),
|
||||
'path' => '/api/v1/auth/refresh',
|
||||
'httponly' => true,
|
||||
'samesite' => 'Strict',
|
||||
'secure' => true
|
||||
]);
|
||||
|
||||
unset($result['refresh_token']);
|
||||
|
||||
Response::json([
|
||||
'success' => true,
|
||||
'data' => $result,
|
||||
'message' => 'تم إنشاء الحساب وتسجيل الدخول بنجاح'
|
||||
]);
|
||||
} catch (Throwable $e) {
|
||||
Response::error($e->getMessage(), 'REGISTRATION_FAILED', 400);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,14 +5,19 @@ declare(strict_types=1);
|
||||
namespace App\Modules\Auth;
|
||||
|
||||
use App\Modules\Users\UserModel;
|
||||
use App\Modules\Tenants\TenantModel;
|
||||
use App\Modules\Subscriptions\SubscriptionModel;
|
||||
use App\Services\Security\JwtService;
|
||||
use Ramsey\Uuid\Uuid;
|
||||
use Exception;
|
||||
|
||||
final class AuthService
|
||||
{
|
||||
public function __construct(
|
||||
private readonly UserModel $userModel,
|
||||
private readonly JwtService $jwtService
|
||||
private readonly JwtService $jwtService,
|
||||
private readonly TenantModel $tenantModel,
|
||||
private readonly SubscriptionModel $subscriptionModel
|
||||
) {}
|
||||
|
||||
public function login(string $email, string $password): array
|
||||
@@ -55,4 +60,88 @@ final class AuthService
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
public function refresh(string $refreshToken): array
|
||||
{
|
||||
$parts = explode('.', $refreshToken);
|
||||
if (count($parts) !== 2) {
|
||||
throw new Exception("رمز التجديد غير صالحة");
|
||||
}
|
||||
|
||||
[$userId, $random] = $parts;
|
||||
$user = $this->userModel->find($userId);
|
||||
|
||||
if (!$user || !$user['is_active']) {
|
||||
throw new Exception("المستخدم غير موجود أو معطل");
|
||||
}
|
||||
|
||||
if (!$user['refresh_token_hash'] || !password_verify($refreshToken, $user['refresh_token_hash'])) {
|
||||
throw new Exception("جلسة العمل منتهية، يرجى تسجيل الدخول مرة أخرى");
|
||||
}
|
||||
|
||||
$accessToken = $this->jwtService->issueAccessToken([
|
||||
'user_id' => $user['id'],
|
||||
'tenant_id' => $user['tenant_id'],
|
||||
'role' => $user['role'],
|
||||
'assigned_company_id' => $user['assigned_company_id']
|
||||
]);
|
||||
|
||||
$newRefreshToken = $this->jwtService->issueRefreshToken($user['id']);
|
||||
|
||||
$this->userModel->update($user['id'], [
|
||||
'refresh_token_hash' => password_hash($newRefreshToken, PASSWORD_BCRYPT)
|
||||
]);
|
||||
|
||||
return [
|
||||
'access_token' => $accessToken,
|
||||
'refresh_token' => $newRefreshToken,
|
||||
'user' => [
|
||||
'id' => $user['id'],
|
||||
'name' => $user['name'],
|
||||
'email' => $user['email'],
|
||||
'role' => $user['role'],
|
||||
'assigned_company_id' => $user['assigned_company_id']
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
public function register(array $data): array
|
||||
{
|
||||
// 1. Check if tenant already exists
|
||||
if ($this->tenantModel->findByEmail($data['email'])) {
|
||||
throw new Exception("هذا البريد الإلكتروني مسجل مسبقاً");
|
||||
}
|
||||
|
||||
$tenantId = Uuid::uuid4()->toString();
|
||||
$userId = Uuid::uuid4()->toString();
|
||||
|
||||
// 2. Create Tenant
|
||||
$this->tenantModel->create([
|
||||
'id' => $tenantId,
|
||||
'name' => $data['tenant_name'],
|
||||
'email' => $data['email'],
|
||||
'status' => 'trial',
|
||||
'trial_ends_at' => date('Y-m-d H:i:s', strtotime('+14 days'))
|
||||
]);
|
||||
|
||||
// 3. Create Subscription
|
||||
$this->subscriptionModel->create([
|
||||
'tenant_id' => $tenantId,
|
||||
'plan' => 'basic',
|
||||
'status' => 'trial'
|
||||
]);
|
||||
|
||||
// 4. Create User
|
||||
$this->userModel->create([
|
||||
'id' => $userId,
|
||||
'tenant_id' => $tenantId,
|
||||
'name' => $data['user_name'],
|
||||
'email' => $data['email'],
|
||||
'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID),
|
||||
'role' => 'admin',
|
||||
'is_active' => 1
|
||||
]);
|
||||
|
||||
return $this->login($data['email'], $data['password']);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user